Security Patch 23.21.44

Installed the security update above this morning without issue and since it only specified as a security patch, I "assumed" it was the long awaited Stagefright vulnerability fix. After a couple of reboots I ran two different Stagefright detectors and both failed. So, either the two detectors are both flawed or, the OTA update is for other vulnerabilities. I would be hesitant to trust that the Stagefright risk is corrected until we see an actual changelog of what's in 23.21.44.

Sorry I've been inactive for awhile. I also got the update, but what is the Stagefright vulnerability?

Click to expand...

Here is how I understand it (in laymen's terms). Some security company found a vulnerability in Android that if a hacker sent you a malicious picture in a text (MMS message) that had a very specific code in it, they could maybe take control of your phone and you would not know it. So...they would have to know how to write this malicious code, embed it into a picture, know your specific phone number and send it to you as a MMS text. Then....if you opened the text and viewed the pic...they could maybe take control of your phone. The whole thing was way overblown by the tech media in my opinion. It was not some virus just being spread around the world...it was very specific and apparently no one has ever been hacked using this method. But people freaked out and whined and cried because their phones didn't have the "patch". The company that found the vulnerability then made an app that you can check to see if your phone is patched or not...and if not the app will take you to their website to buy their products. Brilliant! That's not fishy at all? Oh..and now they have mysteriously found a new vulnerability that is similar to the first but it involves texting you a malicious audio file. How convenient that as many phones get the patch...they find another vulnerability...so now we all need another patch...according to them. I still think the whole think was blown way out of proportion & they made a ton of money out of it. But that's just me.

Possibly. If the hacker knows how to embed the code into the file and then if they know your specific phone number and if they send you the malicious file. For me....that's too many if's to worry about.